Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.


  • Be the first to comment

  • Be the first to like this


  2. 2. METHODIST HOSPITAL IT SECURITY ROLLFOLD BROCHURE THE WHO, WHAT, WHERE, WHEN, WHY, AND HOW OF PROTECTING SENSITIVE INFORMATION Device Security Always keep portable equipment/devices in your sight or securely locked away when not in use If using or traveling with a company-owned laptop, request a cable lock from your IT&S Department If it is necessary to leave your laptop in your vehicle, make sure that the laptop is out of sight Use only encrypted USB drives Do not store sensitive data on a portable device unless it is necessary to perform job functions MALWARE PROTECTION AND INTERNET BROWSING Be aware of phishing Avoid pop-ups that advertise anti-virus or anti-spyware programs Do not install unapproved software to your device Do not plug an unknown USB into your computer Avoid using your company-owned devices to visit certain internet sites such as social networking sites (Facebook, Twitter, etc.) Electronic Communications Think before sending. Ask: 1. Does the communication include sensitive data? 2. Where is it going (internal or external recipients)? 3. Is the recipient authorized to have the data? 4. Is the data protected? Refer to Electronic Communication policy - IS.SEC.002 for more information. EMAIL ENCRYPTION GUIDANCE Add [Encrypt] anywhere in the Subject Line to encrypt the email and email attachments Do not include any sensitive information in the subject line This encryption technique ONLY works when emailing from an MHS email address to an external email address. Messages to internal recipients do not require use of the encryption. Any of the brackets will work to [Encrypt] the email including: [], (), {}, <> ADDITIONAL EMAIL REQUIREMENTS You should NEVER: Use personal email accounts (e.g., Gmail or Yahoo) to conduct company business Forward company email to a personal address Access another person’s email Phishing Phishing is the unlawful attempt to obtain personal identifiable information (PII) about you or others. P Personal Data reference or request H Hyperlinks or Attachments I Inaccurate Information S Suspicious Sender H Hurry Up and Respond VERIFY OR REPORT A PHISH Contact your local Service Desk, your DISO or your FISO Social Engineering Social Engineering is an attempt to gather information from you in order to gain access to systems and/or gain confidential information. Social Engineering can occur in person, over the phone or electronically. Do not share sensitive information with anyone over the phone or in person even if: The person appears “friendly” The person seems to be in a hurry to obtain the information The person uses an agitated tone To avoid social engineering, always: Ask to see a badge Wear your badge Social Media DO NOT post sensitive information, including photos, on the internet. This includes posting on: discussion groups, Facebook, LinkedIn, Twitter, MySpace, YouTube, Flickr, bulletin boards, chat services, non-secured websites and more. Refer to MHS Social Media Guidelines Report suspected violations of company policy regarding social media Mobile Devices Any electronic device that has the potential to store, process or transmit company information wirelessly and is designed for mobility or easy transport such as smart phones and tablets. Susceptible to the same risks as your computer Same physical security rules apply Same email rules apply Per the Confidentiality and Security Agreement (CSA): Personally owned devices that synchronize company data (email on your phone), must be encrypted. Awareness: Threats Follow You Home Your Information Security responsibilities do not stop at the end of your work day. Keep your computer, browser, anti-virus and other critical software up to date Do not respond to pop-ups and deals that sound too good to be true Be aware of cyber-bullying 19380_MHS IT InfoSec Brochurev7.indd 1 1/10/14 12:23 AM WHO EVERYONE is responsible for protecting the security of patients, customers and staff. WHAT What is sensitive information? It is PHI and a lot more. As defined by company privacy policy IS.SEC.005, everyone is responsible for the protection of sensitive information from unauthorized disclosure or use including: Confidential patient information Social security number Financial account information Personnel information Provider credentialing information WHERE Where can Methodist Healthcare employees find key compliance resources? Visit MHSCentral, click the Policy and Procedures link then click Policy Tech. QUICK REFERENCE: What happens if I violate an IT&S policy or standard? See WS.SWB.03 - Sanctions Process Am I using email appropriately? See IS.SEC.002 Information Security - Electronic Communications What did I agree to when I signed a Confidentiality & Security Agreement? See the Confidentiality & Security Agreement Do I use USB drives appropriately? See COM.MH.02 - Information Handling Procedures Do I encrypt emails containing sensitive data? See COM.EI.01 - Electronic Transmissions Do I lock my workstation when I leave it unattended? See AC.UR.02 - Session Security If my laptop or mobile phone was stolen, how quickly must I report it? See IR.RISE.01 - Incident Reporting What are managers required to do? See WS.SWB.01 - Management WHEN When should you report an information security concern or incident? Concerns or incidents must be reported to one of the following within 24 hours: Department director Facility Privacy Officer DISO/FISO Service desk at 210-575-4511 option 2-2 Examples of incidents include: Stolen or lost computer or portable device Misdirected fax or email Computer virus alert Posting of PHI on a social media site WHY Why should you play a role in Information Security? You are legally bound to protect the confidentiality of patient, company and employee information The mission of Methodist Healthcare is “Serving Humanity to Honor God.” Protecting employee and patient privacy is part of this mission. At MHS, we take information protection seriously. Protecting privacy reduces the risk of: Identity Theft Loss of Privacy Loss of Trust Costly breach notifications Malware such as viruses, worms, Trojans, Spyware HOW How can you take part in protecting patient information? Password Protection You should: Keep all passwords confidential. Do not share a password with anyone, ever. Use a variety of user names and passwords for work and personal use. Create a strong password. A strong password uses a combination of letters, numbers and special characters and is both upper and lower case. Workstation Security You should: Lock or log off computers when they are not in use. This will activate the screensaver. To lock the computer: Press CTRL-ALT-DELETE, select LOCK To log off the computer: Select START then select Logoff Log out of applications on shared workstations when done To suspend a session in MEDITECH, press Shift F12 to lock the patient record Be Aware You should: Make sure no one is watching when entering information, PIN numbers or passwords Immediately lock the screen and ask the onlooker if he or she needs assistance, if being watched Information Protection Assures employees and patients that the integrity, confidentiality and availability of electronic protected health information (ePHI) is protected. PHI – Protected Health Information ePHI – Electronic Protected Health Information Methodist Healthcare IT&S staff will never ask for your password. DIRECTOR OF INFORMATION SECURITY OPERATIONS (DISO) Russell Lane FACILITY INFORMATION SECURITY OFFICIAL (FISO) Carl Jones Maria Carmona Martin Rodriguez 210-575-2550 MHS SERVICE DESK 210-575-4511 Option 2-2 CONTACTS Password Reset allows you to reset your password or unlock the primary account you use from any computer on the network. To access this tool click on the Password Reset link on MHSCentral or type passwordreset into your browser address bar. To enroll, click PASSWORD RESET. Protected Health Information (PHI and ePHI) PHI and ePHI is defined by information protection as verbal, written and electronic form that includes one or more of the following: Name Elements of an address All elements of dates except year (i.e. date of birth, admission, discharge, expiration) Telephone and fax number Email address Social Security number Medical record number Health plan number Account number Certificate/license number Vehicle ID or license plate Web Addresses or URLs IP address number Biometric identifiers, finger or voice print Photographic image Any other unique identifying number, characteristic, or code 19380_MHS IT InfoSec Brochurev7.indd 2 1/10/14 12:23 AM
  4. 4. D O U B L E T R E E B Y H I LT O N H O T E L | 2 1 0 H O L I D AY C T. | A N N A P O L I S , M D | 4 1 0 . 2 2 4 . 3 1 5 0 Mother's Day Brunch May 13, 2012 SEATINGS: 11 AM, 12 PM, 2 PM & 2:30 PM ADULTS $29.95 SENIORS $25.95 CHILDREN (6-12) $16.95 CHILDREN 5 & UNDER EAT FREE 18% gratuity and 6% tax will be added to the bill. 041612_DTA_MothersDay Flyer.indd 1 4/23/12 12:09 PM DOUBLTREE ANNAPOLIS HOTEL EMAIL BLASTS
  6. 6. HIGH PEAKS RESORT POSTERS Easterhas arrived Celebrate Mom! Join us for our Mother’s Day Brunch on May 10 – watch for details! H I G H P E A K S R E S O R T.C O M | M A I n S T R E E T l A K E P l AC I d $3495 AdUlTS plus tax & gratuity $2295 KIdS 6-11 plus tax & gratuity BUIld YOUR Own BEnEdICT Choose croissants, English muffins, polenta rounds, top with Canadian bacon, smoked salmon, spinach and more... OMElET STATIOn | wAfflE STATIOn | BlOOdY MARY BAR EASTER EGG dECORATInG STATIOn RESERvATIOnS – 518.523.4411 Join us for EastEr BrunCh sunDay, april 5 | 10aM - 3pM 031115_HPR_Easter Poster.indd 1 3/13/15 11:43 AM Happy Mother’s Day! HIGHPEAKSRESORT.COM | MAIn STREET lAKE PlACId Menu OMElET STATIOn BEnny’S TO ORdER CARvInG PRIME RIB And lEG Of lAMB MAdE TO ORdER WAfflES with fresh berries RISOTTO STATIOn with three types to choose from such as wild mushroom HIGH PEAKS fAvORITES InCludE PAn SEAREd SAlMOn with grilled pineapple salsa MAPlE dIjOn PORK TEndERlOIn and much more! $3495 AdulTS plus tax & gratuity $2295 KIdS 6-11 plus tax & gratuity Join us for mother’s day Brunch sunday, may 10 | 10am - 3pm Reservations518.523.4411 040115_HPR_Mothers Day Poster.indd 1 4/10/15 3:14 PM
  8. 8. W H E R E B O C A C O M E S A S H O R E PLATTERS (serves 12 people) 1 hour advance notice THE LITTLE DIPPER $65 Hummus served with olives, Feta cheese and pita, Fresh guacamole and tortilla chips MEAT & CHEESE $125 Imported and domestic cheeses with chef’s assortment of sliced meats; served with crackers CHICKEN WING PLATTER $75 3 dozen – honey, jerk seasoned wings with mojo ranch dipping sauce SALADS AND SANDWICHES (TO-GO) ATHENS GREEK SALAD $15 ADD: SHRIMP $8 OR CHICKEN $6 Olives, Feta cheese, cucumbers, tomato, stuffed grape leaves, pita with red wine vinaigrette CLASSIC CAESAR SALAD $12 ADD: SHRIMP $8 OR CHICKEN $6 Romaine, Parmesan cheese and croutons SWORDFISH SANDWICH $17 Grilled Swordfish, dill tartar sauce, arugula and tomatoes; served with chips CHEESE BURGER $15 Grilled burger with cheddar cheese, lettuce, tomato and onion; served with chips THE JERK SANDWICH $13 Spicy jerk seasoned chicken breast, arugula and tomatoes; served with chips TURKEY BLT WRAP $12 Chipotle mayonnaise; served with chips DOCK & DASH “TO-GO” MENU • CHANNEL 71 • 561.413.8281 W H E R E B O C A C O M E S A S H O R EW H E R E B O C A C O M E S A S H O R EW H E R E B O C A C O M E S A S H O R EW H E R E B O C A C O M E S A S H O R E MAKE IT A “GOOD CATCH COMBO” AND RECEIVE THE BELOW 3 ITEMS FOR $5.00 ADDED TO ANY ENTRÉE SELECTION Includes: bottled water, fresh whole fruit, and our famous Doubletree chocolate chip cookie. WATERSTONE RESORT & MARINA HOTEL COLLATERAL W H E R E B O C A C O M E S A S H O R E ACCOMMODATIONS 139 newly renovated guest rooms including 11 suites featuring private balconies, all with breathtaking views of the water AMENITIES Newly redesigned and expanded lobby 270-ft waterfront promenade Business center Waterfront swimming pool and sun deck State-of-the-art fitness center Dockside water sport activities 1 block to beach DINING & ENTERTAINMENT Boca Raton’s only ‘on the water’ dining Two new exciting restaurant options: Waterstone Bar & Grill Boca Landing MEETINGS & EVENTS Penthouse level meeting & event space with catering available Panoramic views of the Boca waterfront 102213_WRM_Retractable Banner.indd 1 10/27/13 10:36 PM 9 9 9 E A S T C A M I N O R E A L , B O C A R A T O N , F L 3 3 4 3 2 5 6 1 . 3 6 8 . 9 5 0 0 | W W W . W A T E R S T O N E B O C A . C O M VIP BOATER ON-SITE DOCK MASTER CHANNEL 7 1 • 561.413.8281

    Be the first to comment

    Login to see the comments


Total views


On Slideshare


From embeds


Number of embeds